<?php
require '../include/common.inc.php';
require './include/global.func.php';
require '../include/form.class.php';
include './include/user.class.php';
include './include/role.class.php';

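$user_db = new user;

// Admin login handler: a POST carrying "username" is treated as a login
// attempt; any other request renders the login template.
//
// NOTE(review): $username, $password and $forward are never assigned in this
// file; presumably common.inc.php imports request variables into the global
// scope. Confirm how they are populated and escaped before relying on them.
// NOTE(review): every failure branch relies on $response->real_execute()
// ending the request, which is not visible here. If it returns, execution
// falls through to the following steps - confirm.
if( isset( $_POST['username'] ) )
{
    // IP ban check: start
    include_once './include/ipbanned.class.php';
    $ipbanned = new ipbanned;
    // A non-empty result for the client IP is treated as "banned".
    $res = $ipbanned->get_ips( 1, 1, IP );
    if( $res )
    {
        $response->alert("您的IP已经被禁止");
        $response->real_execute();
    }
    // IP ban check: end

    $userid = $user_db->get_userid( $username );
    $info = $user_db->get_user( $userid );
    // NOTE(review): the "unknown user" and "wrong password" answers differ in
    // text and target field, so a client can tell valid usernames apart.
    // Consider one generic failure message. No attempt limiting is visible in
    // this file either.
    if( !$info )
    {
        $response->text_alert( 'error', 'username', '用户不存在' );
        $response->real_execute();
    }

    // NOTE(review): passwords are stored and compared as unsalted MD5. Moving
    // to password_hash()/password_verify() needs changes in the user class,
    // which is outside this file, so the scheme is kept as is here.
    // A missing or non-string password is rejected instead of being hashed.
    $password = ( isset( $password ) && is_string( $password ) ) ? md5( $password ) : null;

    // Strict comparison: with "!=" two different hex digests that both look
    // like numeric strings compare as equal, and a missing password equals an
    // empty stored value. hash_equals() is the constant-time alternative where
    // the runtime provides it.
    if( $password === null || $password !== (string) $info['password'] )
    {
        $response->text_alert( 'error', 'password', '密码不正确' );
        $response->real_execute();
    }
    // Accounts that are not in the normal state get the same answer as an
    // unknown user.
    if( $info['status'] != STATUS_NORMAL )
    {
        $response->text_alert( 'error', 'username', '用户不存在' );
        $response->real_execute();
    }

    $userdata = $user_db->login( $username, $password );
    if( $userdata )
    {
        // NOTE(review): the session is started elsewhere (the session_start()
        // call that used to be here is disabled) and its id is not regenerated
        // in this file. If that does not happen elsewhere, regenerate it at
        // this point so a pre-login session id cannot be reused - confirm.
//        session_start();
        define( 'INTO_EDUFECMS', TRUE );
        $role = new role();
        $role_list = $role->get_role_by_ids( explode( ",", $userdata['roles'] ) );
        $current_user = array(
            'userid'   => $userdata['userid'],
            'username' => $userdata['username'],
            'truename' => $userdata['truename'],
            'status'   => $userdata['status'],
            'usertype' => $userdata['usertype'],
            'groups'   => explode( ",", $userdata['groups'] ),
            'roles'    => $role_list,
        );
        // Called after $current_user exists and before the session is
        // written; the original order is kept because the helper's inputs are
        // not visible here.
        $perms = get_function_point_perm();
        $current_user['perms'] = $perms;
        $_SESSION['current_user'] = $current_user;
    }
    else
    {
        $response->text_alert( 'error', 'username', '用户名或密码错误' );
        $response->real_execute();
    }

    // Non-super users must also be allowed to view the current site.
    if( $current_user['usertype'] != USER_TYPE_SUPER && !can_view_resource( $current_user['username'], 'site', get_current_site() ) )
    {
        // The session was already populated above; drop the entry so a user
        // rejected for this site does not keep an authenticated session.
        unset( $_SESSION['current_user'] );
        $response->alert('您没有在当前站点登陆的权限');
        $response->real_execute();
    }

    // NOTE(review): if $forward comes from the request, this is an
    // unvalidated redirect target. Restrict it to same-site relative paths
    // once its source is confirmed.
    $url = !empty( $forward ) ? $forward : "index.php";
    $response->redirect( $url );
    $response->execute();
}
else
{
    include template( 'admin', 'login' );
}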

?>
